It’s 10 O’clock; Do You Know What Your Employees Are Doing on the Web?

I don’t want to be the Internet police. Neither do you. We both have far more important things to do at work than worry about what our coworkers are doing on the Internet. Whether we are deploying patches, reviewing our firewall logs, or adding disk space to our SAN, practically anything we might have to do is more enjoyable, and provides more return on investment, than auditing Internet access logs to see who hits Facebook, who is downloading music, and who might be surfing naughty sites. But whether you are concerned more about the productivity lost to recreational use of the Internet, the bandwidth consumed downloading content, the risk to company systems from malware, or the potential legal and HR issues that come with accessing inappropriate or copyrighted materials, we cannot simply let users surf any and all sites without some degree of control and protection.

Web monitoring can be a critical part of your defensive strategy, preventing violations of policy, protecting against malware, and conserving bandwidth.

Web monitoring software is normally installed on a server at your border, or on an existing proxy server such as Microsoft’s Forefront TMG 2010. It protects your users in several ways, including assessing your users’ Internet access, and permitting or denying access to websites based on whitelists, blacklists, or categories. It can work with URL lists that are constantly updated and categorized to block access to sites deemed inappropriate by company policies. It also protects your users by scanning webpages for malicious scripts and downloads for malware, using multiple antivirus engines to scan downloaded content.

One of the biggest benefits to this approach is that the protection is in real-time, and can keep users out of harm’s way rather than simply logging that they did something wrong. Many times, users may click a link that they think is harmless, only to find out after the fact that it went somewhere they shouldn’t. Even safe sites might be compromised; scanning downloads helps to protect users from malware posted to hacked sites.

In some cases, logging individual access may prove to be necessary. Web monitoring software can be set up for logging all access to the web by any or all users. Logs can be reviewed to ensure compliance with policy or to investigate violations. Just be sure that your written policies cover this and that you have disclosed this activity to your users. Check with your HR and legal counsel to make sure everything is in accordance with company policy and legal requirements, and look for software that can anonymize data if you have users within Germany, Italy, or other jurisdictions with privacy laws that might impact logging of users’ activities.

Here are some other key features to look for in a web monitoring solution:

Multiple antivirus engines to scan downloads for malware

The ability to terminate and inspect SSL traffic

A constantly updated URL database to help block categories that violate policy

Agentless install options to simplify deployment

Policies that can be enforced by user, group or ip.addr, and by time of day.

Web monitoring software provides several key protections for your users, and your network. Whether you use this to review website access, or simply to prevent users from straying into the more questionable areas of the web, are entirely up to you. You can perform a periodic review of web access if management deems it necessary, or simply choose to use an automated process to block access to those parts of the web that don’t comply with company policy, but in all cases, protecting your users protects your systems.

About the Author: Ed Fisher

Ed Fisher is an information systems manager and blogger at several sites including his own site, http://retrohack.com. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together,) he has been getting my geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like “The Transporter,” but for data, and without the car; and with a little more hair.

4 Comments

David Broussard June 7, 2011 at 1:09 pm

I think most bottom-line employees feel like web monitoring is more of a Big Brother issue rather than protecting their jobs and the company network’s health and security. The use of automated systems rather than somebody peering over logs looking for that “gotcha” moment goes a long way to rectify that misunderstanding. It’s not about trying to find where people screw up, it’s about preventing serious or long-term damage as a consequence of supposedly harmless action.

Jean Loyens June 9, 2011 at 11:12 am

Just like the coin, a web monitoring solution has two faces. There’s the employee-employer perspective and the security-privacy viewpoint.

The key features mentioned above are the basic tools a web monitoring solution should have. However, what Ed failed to mention is that this kind of IT management platform should have a control that lets two opposing standpoints meet in between.

For instance, when it comes to security-privacy, a web monitoring solution should have a limit to what data and activities are monitored, stored, and reported. This way, a win-win scenario can be achieved.

Anonymouse_Cat June 14, 2011 at 9:27 am

Do you know what your employees are doing on the web?

As a former office manager, this question is difficult to answer. Speaking on my own experience, most of my former employees are hesitant toward web monitoring software. And I agree. Privacy can be breached when using such tool.

However, on the management and business sides, web monitoring solutions are heaven sent. For me, it made my job easier. After installing it within 2 weeks, I noticed my employees’ productivity doubled. It’s because they are more focused to the given tasks.

Carter Rubens July 11, 2011 at 7:47 pm

I would add to what Jean says that it also matters WHO can access the collected information – the admins, the top managers, the HR department, etc. Sometimes managers use the collected information against employees who do no wrong but the managers want to sabotage this employee – for instance because the employee is pretty smart and would make a better boss than the present manager.